Top Security Issues With IP-PBX Systems
Posted by Olivier Benny | Thursday, 17 March, 2016
Modern IP-PBX Systems and Security Considerations
Use of Voice over IP technology has seen rapid growth in recent years. Like any other popular internet-based technology, IP-PBX systems present users with a certain number of security risks. Indeed, IP telephone protocols are vulnerable to a wide range of low-level attacks, including session hijacking, identity theft and network traffic sniffing, which allow hackers to decipher and listen to private voice conversations. Businesses currently in the market for IP-PBX systems should make sure that the software they choose has safeguards in place to protect against some of the more common VoIP attacks, outlined below.
VoIP fraud is accomplished by identifying a security loophole in a VoIP system and determining which routes are associated with which accounts. Hackers employ tools (which vary in sophistication) and user-ID generators to send calls to a company phone system. Calls that are successfully routed are then stored alongside the generated ID for later abuse. Some software providers have designed SIP Stack and Call Controller modules aimed at discovering and acting upon attacks of this nature. Dial-Office IP-PBX, for example, will immediately connect intercepted hack calls to a fake route (dead air) while simultaneously recording the source’s IP address. All subsequent calls from that IP address are then automatically dispatched to a fake route.
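The dead-air behaviour described above can be replayed over call records to see when a probing source gets flagged. This is an added example, not Dial-Office's code: the log format, the threshold of three unknown IDs within 60 seconds and the route names are assumptions.

```python
"""Added illustration: flag sources probing many unknown user IDs and send
their later calls to dead air. Log format, threshold and names are assumed."""
from collections import defaultdict

# Constructed sample: "<epoch> <source-ip> INVITE <dialed-id> <sip-status>"
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
1000 198.51.100.7 INVITE 1000 404
1001 198.51.100.7 INVITE 1001 404
1002 203.0.113.20 INVITE 2001 200
1003 198.51.100.7 INVITE 1002 404
1004 198.51.100.7 INVITE 2001 200
1005 203.0.113.20 INVITE 2999 404
1090 198.51.100.7 INVITE 2002 200
"""

DEAD_AIR, NORMAL = "dead-air", "normal"


def route_calls(log_text, max_unknown_ids=3, window_s=60):
    """Return (decisions, quarantined): one (ip, dialed_id, route) per call."""
    misses = defaultdict(list)   # ip -> [(timestamp, unknown dialed id)]
    quarantined = {}             # ip -> timestamp of quarantine
    decisions = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[2] != "INVITE":
            continue             # ignore malformed or non-INVITE records
        ts, ip, dialed, status = int(fields[0]), fields[1], fields[3], fields[4]
        if ip in quarantined:
            # A flagged source gets dead air even when the dialed ID is valid.
            decisions.append((ip, dialed, DEAD_AIR))
            continue
        if status == "404":
            # Keep only misses inside the sliding window, then add this one.
            recent = [(t, d) for t, d in misses[ip] if ts - t <= window_s]
            recent.append((ts, dialed))
            misses[ip] = recent
            if len({d for _, d in recent}) >= max_unknown_ids:
                quarantined[ip] = ts
                decisions.append((ip, dialed, DEAD_AIR))
                continue
        decisions.append((ip, dialed, NORMAL))
    return decisions, quarantined


if __name__ == "__main__":
    for decision in route_calls(SAMPLE_LOG)[0]:
        print(*decision)
```

A single misdial from 203.0.113.20 stays on the normal route, while 198.51.100.7 is flagged on its third distinct unknown ID and remains on dead air for every later call.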
Spoofing is an attack which consists of ‘turtling’ a system in order to disrupt network service. This type of attack is of particular concern as it can be orchestrated by experienced and ‘novice’ hackers alike. Quality IP-PBX systems will typically feature a process that determines the IP address from which ‘Spoof’ SIP messages are sent. Once illegitimate SIP messages have been identified and filtered out, the IP address from which they are sent will usually be banned, though this is often left to the discretion of the PBX administrator.
Given the highly confidential nature of certain calls, professional-grade IP-PBX, Softswitch and hosted PBX solutions will often feature systems with multiple levels of signaling and voice encryption to provide additional security. One such system combines the standard method (TLS for signaling and SRTP for voice) with IP Phone proprietary protocols to achieve what is sometimes referred to as ‘end-to-end encryption’.
IP telephone systems offer a great number of business benefits to users, including reduced operating costs and a superior degree of responsiveness. Nevertheless, software-based and especially web-based PBX solutions should not be adopted without careful consideration of the security issues at hand. As for companies that are already ‘saddled in’, regularly checking for software updates, patches and add-ons is an essential step towards reducing the latest VoIP vulnerability risks.